漏洞描述
【漏洞对象】大华DSS 【漏洞描述】 该系统/emap/bitmap/bitMap_addLayer.action文件jsonstr参数存在未授权访问上传getshell漏洞,攻击者无需认证访问到内部数据,可导致敏感信息泄露,从而获取服务器权限。
大华DSS bitMap_addLayer.action页面jsonstr参数-未授权访问上传获得Shell
PoC代码
暂无相关漏洞推荐
- 大华dss城市平安 login_getPasswordErrorNum.action sql注入
- 大华 DSS 数字监控系统 group_saveGroup SQL 注入漏洞
- POC CVE-2022-42889: Text4Shell - Remote Code Execution
- POC CVE-2009-0545: ZeroShell <= 1.0beta11 Remote Code Execution
- POC CVE-2014-2321: ZTE Cable Modem Web Shell
- POC CVE-2014-6271: ShellShock - Remote Code Execution
- POC CVE-2019-8943: WordPress Core 5.0.0 - Crop-image Shell Upload
- POC CVE-2020-16846: SaltStack <=3002 - Shell Injection
- POC CVE-2021-24347: WordPress SP Project & Document Manager <4.22 - Authenticated Shell Upload
- POC CVE-2023-34124: SonicWall GMS and Analytics Web Services - Shell Injection
- POC CVE-2025-53770: Microsoft SharePoint Server - Remote Code Execution (ToolShell)
- POC CVE-2014-6271: ShellShock - Remote Code Execution
- POC CVE-2020-16846: SaltStack Shell Injection